ROPSHELL 
ropshell> use ceb3c6477662a97134986a305ba814ad (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x243c0
total gadgets: 15660

ropshell> suggest "stack pivoting"
> 0x00057aef : mov rsp, rdx; ret
> 0x0003fb27 : xchg eax, esp; ret
> 0x00057af0 : mov esp, edx; ret
> 0x0007295b : mov esp, esi; jmp rdx
> 0x00072b81 : mov esp, edi; jmp rdx
> 0x00085925 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00085926 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0003cfb9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0008a054 : mov esp, eax; mov rax, r12; pop r12; pop r13; pop rbp; ret
> 0x000713e3 : mov esp, ecx; mov [rbp - 0x480], 1; jmp rdx
> 0x0008a065 : mov esp, ebp; pop rbx; mov rax, r12; pop r12; pop r13; pop rbp; ret
> 0x00156070 : push rax; pop rsp; lea rsi, [rax + 0x48]; mov rax, [rdi + 8]; jmp [rax + 0x18]
> 0x0007f2c8 : xchg ebx, esp; add [rax], al; add [rcx + rcx*4 - 0x16], cl; mov rsi, r12; mov rdi, rbx; call [r14 + 0x38]
> 0x00158460 : lea esp, [rax + 0x23b0]; xor esi, esi; mov [rax + 0x23b0], 1; mov rax, [rax + 0x23b8]; mov rdi, r12; call [rax + 0x28]
> 0x0002556a : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact